Articles about cyberattack

Researchers at Checkmarx have detected several open-source software supply chain attacks that specifically target the banking sector.

These attacks use advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to them. The attackers employed deceptive tactics such as creating fake LinkedIn profiles to appear credible and customized command and control centers for each target, exploiting legitimate services for illicit activities.

Continue reading →

Recent reports have shown that email is still the channel where enterprises are most vulnerable to attacks, in particular phishing.

But adding new browser-based layers of security protection can disrupt such killchains, for example by preventing phishing victims from accessing or engaging with spoofed sites. We spoke to Red Access co-founder and CTO Tal Dery to find out more.

Continue reading →

A new report from cloud risk and detection specialist Rapid7 reveals that Japanese businesses have become a significant target for state-sponsored cyberattacks.

This increased vulnerability has been driven by a fragile global economy and increased political and diplomatic tensions. The Japanese automotive industry and financial services sectors are of particular interest to these actors due to their global reach.

Continue reading →

A new report shows a 1,400 percent increase in fileless or memory-based attacks, which exploit existing software, applications, and protocols to perform malicious activities against cloud-based systems.

The research from Aqua Security's Nautilus research team collected honeypot data over a six-month period and shows that more than 50 percent of the attacks focused on defense evasion.

Continue reading →

New research from Nexusguard shows that last year DDoS attacks worldwide increased by 115.1 percent over the 2021 level.

Attackers have also continued to alter their threat vectors by targeting the application platforms, online databases, and cloud-based storage systems within Internet Service Providers (ISPs). This has resulted in a significantly greater impact globally as organizations continue to move more of their workloads to the cloud.

Continue reading →

Security information and event management systems (SIEMs) are missing detections for 76 percent of MITRE ATT&CK techniques that adversaries use to breach their environments, according to a new report.

Produced by CardinalOps, the study analyzes real-world data from production SIEMs -- including Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic -- covering more than 4,000 detection rules, nearly one million log sources, and hundreds of unique log source types.

Continue reading →

Cyberattacks are increasingly a feature of everyday life, yet many companies remain unaware of their teams' true readiness to defend against them.

Cyber defense specialist RangeForce is launching a new Defense Readiness Index (DRI), a pioneering scoring system which gauges an organization's readiness to effectively respond to the cyberattacks it is likely to face.

Continue reading →

Email attacks in the US grew by five times between June 2022 and May 2023. However, Europe saw total attacks increase seven-fold during the same period -- to an average of 2,842 attacks per 1,000 mailboxes in May.

Data released today by Abnormal Security shows that where business email compromise (BEC) attacks are concerned, the disparity is even greater.

Continue reading →

It’s no secret that rapidly rising prices, spurred by Russia’s war in Ukraine, have inflicted damage on the reputations of energy companies. While the companies themselves may not have caused those rising prices, it’s their logos that consumers see on top of their energy bills every month.

It should hardly be surprising then that a survey by Populous found that just 16 percent of Britons view the energy sector positively. These are people, remember, who’ve found themselves in the midst of one of the worst cost-of-living crisis in decades. Millions of them have also, at some point in the past few months had to choose between heating their homes and eating.

Continue reading →

Two thirds of IT executives in the manufacturing sector believe that their enterprise will be targeted by a cyberattack within the next 12 months.

The study of 300 executives, carried out by CXO Priorities for Quest Software, shows that the most significant threats are seen as ransomware (22 percent), industrial espionage (21 percent), and state-sponsored threats (21 percent).

Continue reading →

Last month broke ransomware records -- and not in a good way. The latest report from Blackfog shows 66 publicly disclosed ransomware attacks, the highest recorded since the company began reporting in January 2020.

More concerning still is a significant uptick in the attack success rate, with a 154 percent increase over 2022.

Continue reading →

A new report reveals that 93 percent of ransomware attacks are now targeting backup storage as a way of ensuring payment.

The report from Veeam also shows that the success of attacks is having an impact on enterprises' ability to get insurance cover. 21 percent of organizations say that ransomware is now specifically excluded from their policies.

Continue reading →

The majority of organizations use six or more communication tools, across channels, with email being the single channel seen as the most vulnerable to attacks.

Of those responding to a new survey by Enterprise Strategy Group (ESG) and Armorblox of almost 500 IT and security professionals, 38 percent see email as the most vulnerable channel.

Continue reading →

The security of APIs remains a top cybersecurity concern this year, according to a new study, yet there is still a lack of dedicated API security for many companies.

Research from TraceableAI, carried out at this year's RSA conference, finds that though 69 percent of organizations claim to factor APIs into their cybersecurity strategy, 40 percent of companies do not have dedicated professionals or teams for API security.

Continue reading →

The first quarter of 2023 has seen a significant increase in cyberattacks looking to exploit trust in established tech brands like Microsoft and Adobe.

A new report from Avast also finds a 40 percent rise in the share of phishing and smishing attacks over the previous year. Overall, two out of three threats people encounter online now seek to use social engineering techniques, taking advantage of human weaknesses.

Continue reading →